From 438e7ac8388d48e66e750f14b6be62f839ad4663 Mon Sep 17 00:00:00 2001
From: Marcus Hill <bcf8c9f2@opayq.com>
Date: Sun, 13 Mar 2022 09:31:28 +0000
Subject: [PATCH 1/7] Add database field for A record, correct other DNS record
 fields

---
 db.sql | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/db.sql b/db.sql
index 81307296..078d3db5 100644
--- a/db.sql
+++ b/db.sql
@@ -431,9 +431,10 @@ CREATE TABLE `domains` (
   `domain_id` int(11) NOT NULL AUTO_INCREMENT,
   `domain_name` varchar(200) NOT NULL,
   `domain_expire` date DEFAULT NULL,
-  `domain_name_servers` VARCHAR(255) NULL DEFAULT NULL,
-  `domain_mail_servers` VARCHAR(255) NULL DEFAULT NULL,
-  `domain_raw_whois` TEXT NULL DEFAULT NULL,
+  `domain_ip` varchar(255) DEFAULT NULL,
+  `domain_name_servers` varchar(255) DEFAULT NULL,
+  `domain_mail_servers` varchar(255) DEFAULT NULL,
+  `domain_raw_whois` text DEFAULT NULL,
   `domain_created_at` datetime NOT NULL,
   `domain_updated_at` datetime DEFAULT NULL,
   `domain_archived_at` datetime DEFAULT NULL,

From ead895aad59116e35c6a622b324e239ae38e3f11 Mon Sep 17 00:00:00 2001
From: Marcus Hill <bcf8c9f2@opayq.com>
Date: Sun, 13 Mar 2022 09:32:08 +0000
Subject: [PATCH 2/7] Fetch A record details for domain when added

---
 client_domain_edit_modal.php | 10 ++++++++++
 client_domains.php           |  1 +
 post.php                     |  6 ++++--
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/client_domain_edit_modal.php b/client_domain_edit_modal.php
index a475154e..027d3c91 100644
--- a/client_domain_edit_modal.php
+++ b/client_domain_edit_modal.php
@@ -72,6 +72,16 @@
 
             <div class="tab-pane fade" id="pills-records">
 
+              <div class="form-group">
+                <label>Domain IP(s)</label>
+                <div class="input-group">
+                  <div class="input-group-prepend">
+                    <span class="input-group-text"><i class="fa fa-fw fa-project-diagram"></i></span>
+                  </div>
+                  <textarea class="form-control" id="editDomainIP" name="domain_ip" rows="1" disabled></textarea>
+                </div>
+              </div>
+
               <div class="form-group">
                 <label>Name Servers</label>
                 <div class="input-group">
diff --git a/client_domains.php b/client_domains.php
index 41c2c87c..94b7d38c 100644
--- a/client_domains.php
+++ b/client_domains.php
@@ -168,6 +168,7 @@ include("client_domain_add_modal.php");
                 document.getElementById("editDomainId").value = domain_id;
                 document.getElementById("editDomainName").value = domain.domain_name;
                 document.getElementById("editExpire").value = domain.domain_expire;
+                document.getElementById("editDomainIP").value = domain.domain_ip;
                 document.getElementById("editNameServers").value = domain.domain_name_servers;
                 document.getElementById("editMailServers").value = domain.domain_mail_servers;
                 document.getElementById("editRawWhois").value = domain.domain_raw_whois;
diff --git a/post.php b/post.php
index b7783370..cd62cb28 100644
--- a/post.php
+++ b/post.php
@@ -5315,20 +5315,22 @@ if(isset($_POST['edit_domain'])){
         $expire = "0000-00-00";
     }
 
-    // NS, MX and WHOIS data
+    // A, NS, MX and WHOIS data
     if(filter_var($name, FILTER_VALIDATE_DOMAIN) && (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')){
       $domain = escapeshellarg($name);
+      $a = strip_tags(mysqli_real_escape_string($mysqli,shell_exec("dig +short $domain")));
       $ns = strip_tags(mysqli_real_escape_string($mysqli,shell_exec("dig +short NS $domain")));
       $mx = strip_tags(mysqli_real_escape_string($mysqli,shell_exec("dig +short MX $domain")));
       $whois = trim(strip_tags(mysqli_real_escape_string($mysqli,shell_exec("whois -H $domain | sed 's/   //g' | head -30"))));
     }
     else{
+      $a = '';
       $ns = '';
       $mx = '';
       $whois = '';
     }
 
-    mysqli_query($mysqli,"UPDATE domains SET domain_name = '$name', domain_registrar = $registrar,  domain_webhost = $webhost, domain_expire = '$expire', domain_name_servers = '$ns', domain_mail_servers = '$mx', domain_raw_whois = '$whois', domain_updated_at = NOW() WHERE domain_id = $domain_id AND company_id = $session_company_id");
+    mysqli_query($mysqli,"UPDATE domains SET domain_name = '$name', domain_registrar = $registrar,  domain_webhost = $webhost, domain_expire = '$expire', domain_ip = '$a', domain_name_servers = '$ns', domain_mail_servers = '$mx', domain_raw_whois = '$whois', domain_updated_at = NOW() WHERE domain_id = $domain_id AND company_id = $session_company_id");
 
     //Logging
     mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Domain', log_action = 'Modified', log_description = '$name', log_created_at = NOW(), company_id = $session_company_id, log_user_id = $session_user_id");

From 3a6b893f4f37b05ca24fa289906489aca8158797 Mon Sep 17 00:00:00 2001
From: Marcus Hill <bcf8c9f2@opayq.com>
Date: Sun, 13 Mar 2022 10:28:17 +0000
Subject: [PATCH 3/7] Attempt to parse the expiry date for .com/.org/.net
 domains - hacky

---
 client_domain_edit_modal.php |  2 +-
 post.php                     | 46 +++++++++++++++++++++++++-----------
 2 files changed, 33 insertions(+), 15 deletions(-)

diff --git a/client_domain_edit_modal.php b/client_domain_edit_modal.php
index 027d3c91..9a3c0bff 100644
--- a/client_domain_edit_modal.php
+++ b/client_domain_edit_modal.php
@@ -99,7 +99,7 @@
                   <div class="input-group-prepend">
                     <span class="input-group-text"><i class="fa fa-fw fa-mail-bulk"></i></span>
                   </div>
-                  <textarea class="form-control" id="editMailServers" name="mail_servers" disabled></textarea>
+                  <textarea class="form-control" id="editMailServers" name="mail_servers" rows="1" disabled></textarea>
                 </div>
               </div>
 
diff --git a/post.php b/post.php
index cd62cb28..e9202ddb 100644
--- a/post.php
+++ b/post.php
@@ -5283,17 +5283,27 @@ if(isset($_POST['add_domain'])){
     // NS, MX and WHOIS data
     if(filter_var($name, FILTER_VALIDATE_DOMAIN) && (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')){
         $domain = escapeshellarg($name);
+        $a = strip_tags(mysqli_real_escape_string($mysqli,shell_exec("dig +short $domain")));
         $ns = strip_tags(mysqli_real_escape_string($mysqli,shell_exec("dig +short NS $domain")));
         $mx = strip_tags(mysqli_real_escape_string($mysqli,shell_exec("dig +short MX $domain")));
         $whois = trim(strip_tags(mysqli_real_escape_string($mysqli,shell_exec("whois -H $domain | sed 's/   //g' | head -30"))));
+
+        // Get expiry date for com/org/net domains - This is very hacky. An API would be better.
+        if(!empty($whois && $expire == '0000-00-00')){
+            if(substr($_POST['name'], -3) == 'com' OR substr($_POST['name'], -3) == 'org' OR substr($_POST['name'], -3) == 'net'){
+                $pos = strpos($whois, 'Registry Expiry Date:');
+                $expire = substr($whois, $pos+22,10);
+            }
+        }
     }
     else{
-      $ns = '';
-      $mx = '';
-      $whois = '';
+        $a = '';
+        $ns = '';
+        $mx = '';
+        $whois = '';
     }
 
-    mysqli_query($mysqli,"INSERT INTO domains SET domain_name = '$name', domain_registrar = $registrar,  domain_webhost = $webhost, domain_expire = '$expire', domain_name_servers = '$ns', domain_mail_servers = '$mx', domain_raw_whois = '$whois', domain_created_at = NOW(), domain_client_id = $client_id, company_id = $session_company_id");
+    mysqli_query($mysqli,"INSERT INTO domains SET domain_name = '$name', domain_registrar = $registrar,  domain_webhost = $webhost, domain_expire = '$expire', domain_ip = '$a', domain_name_servers = '$ns', domain_mail_servers = '$mx', domain_raw_whois = '$whois', domain_created_at = NOW(), domain_client_id = $client_id, company_id = $session_company_id");
 
     //Logging
     mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Domain', log_action = 'Created', log_description = '$name', log_created_at = NOW(), company_id = $session_company_id, log_user_id = $session_user_id");
@@ -5312,22 +5322,30 @@ if(isset($_POST['edit_domain'])){
     $webhost = intval($_POST['webhost']);
     $expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['expire'])));
     if(empty($expire)){
-        $expire = "0000-00-00";
+      $expire = "0000-00-00";
     }
 
     // A, NS, MX and WHOIS data
     if(filter_var($name, FILTER_VALIDATE_DOMAIN) && (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')){
-      $domain = escapeshellarg($name);
-      $a = strip_tags(mysqli_real_escape_string($mysqli,shell_exec("dig +short $domain")));
-      $ns = strip_tags(mysqli_real_escape_string($mysqli,shell_exec("dig +short NS $domain")));
-      $mx = strip_tags(mysqli_real_escape_string($mysqli,shell_exec("dig +short MX $domain")));
-      $whois = trim(strip_tags(mysqli_real_escape_string($mysqli,shell_exec("whois -H $domain | sed 's/   //g' | head -30"))));
+        $domain = escapeshellarg($name);
+        $a = strip_tags(mysqli_real_escape_string($mysqli,shell_exec("dig +short $domain")));
+        $ns = strip_tags(mysqli_real_escape_string($mysqli,shell_exec("dig +short NS $domain")));
+        $mx = strip_tags(mysqli_real_escape_string($mysqli,shell_exec("dig +short MX $domain")));
+        $whois = trim(strip_tags(mysqli_real_escape_string($mysqli,shell_exec("whois -H $domain | sed 's/   //g' | head -30"))));
+
+        // Get expiry date for com/org/net domains - This is very hacky. An API would be better.
+        if(!empty($whois)){
+            if(substr($_POST['name'], -3) == 'com' OR substr($_POST['name'], -3) == 'org' OR substr($_POST['name'], -3) == 'net'){
+                $pos = strpos($whois, 'Registry Expiry Date:');
+                $expire = substr($whois, $pos+22,10);
+            }
+        }
     }
     else{
-      $a = '';
-      $ns = '';
-      $mx = '';
-      $whois = '';
+        $a = '';
+        $ns = '';
+        $mx = '';
+        $whois = '';
     }
 
     mysqli_query($mysqli,"UPDATE domains SET domain_name = '$name', domain_registrar = $registrar,  domain_webhost = $webhost, domain_expire = '$expire', domain_ip = '$a', domain_name_servers = '$ns', domain_mail_servers = '$mx', domain_raw_whois = '$whois', domain_updated_at = NOW() WHERE domain_id = $domain_id AND company_id = $session_company_id");

From 81e67f4ed3c72845b3f900507d1cddd51ce9640d Mon Sep 17 00:00:00 2001
From: Marcus Hill <bcf8c9f2@opayq.com>
Date: Sun, 13 Mar 2022 10:54:55 +0000
Subject: [PATCH 4/7] Comment client_name as not returned in sql query. Comment
 client_id as we already have it

---
 client_overview.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/client_overview.php b/client_overview.php
index e0f655f6..6986faf4 100644
--- a/client_overview.php
+++ b/client_overview.php
@@ -61,8 +61,8 @@ $sql_tickets_stale = mysqli_query($mysqli,"SELECT * FROM tickets
                         $contact_extension = $row['contact_extension'];
                         $contact_mobile = formatPhoneNumber($row['contact_mobile']);
                         $contact_email = $row['contact_email'];
-                        $client_id = $row['client_id'];
-                        $client_name = $row['client_name'];
+                        //$client_id = $row['client_id'];
+                        //$client_name = $row['client_name'];
                         $department_name = $row['department_name'];
 
                         ?>

From bdef68ddf5c8ddfda23f565ae664af53a2d1ed4d Mon Sep 17 00:00:00 2001
From: Marcus Hill <bcf8c9f2@opayq.com>
Date: Sun, 13 Mar 2022 11:27:23 +0000
Subject: [PATCH 5/7] Add notes to client overview

---
 ajax.php            |  12 +++
 client_overview.php | 257 +++++++++++++++++++++++++-------------------
 2 files changed, 156 insertions(+), 113 deletions(-)

diff --git a/ajax.php b/ajax.php
index 78c7c877..bc052352 100644
--- a/ajax.php
+++ b/ajax.php
@@ -141,4 +141,16 @@ if(isset($_GET['network_get_json_details'])){
   }
 
   echo json_encode($response);
+}
+
+if(isset($_POST['client_set_notes'])){
+  $client_id = intval($_POST['client_id']);
+  $notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['notes'])));
+
+  // Update notes
+  mysqli_query($mysqli, "UPDATE clients SET client_notes = '$notes' WHERE client_id = '$client_id'");
+
+  // Logging
+  mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Client', log_action = 'Modify', log_description = '$session_name modified client notes', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id");
+
 }
\ No newline at end of file
diff --git a/client_overview.php b/client_overview.php
index 6986faf4..98e32b42 100644
--- a/client_overview.php
+++ b/client_overview.php
@@ -5,7 +5,7 @@ $sql_contacts = mysqli_query($mysqli,"SELECT * FROM contacts LEFT JOIN departmen
 $sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE vendor_client_id = $client_id AND company_id = $session_company_id ORDER BY vendor_updated_at DESC LIMIT 5");
 
 $sql_documents = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id = $client_id AND documents.company_id = $session_company_id ORDER BY document_updated_at DESC LIMIT 5");
-    
+
 $sql_tickets = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id = $client_id AND tickets.company_id = $session_company_id ORDER BY ticket_updated_at DESC LIMIT 5");
 
 $sql_logins = mysqli_query($mysqli,"SELECT * FROM logins WHERE login_client_id = $client_id AND company_id = $session_company_id ORDER BY login_updated_at DESC LIMIT 5");
@@ -40,161 +40,192 @@ $sql_tickets_stale = mysqli_query($mysqli,"SELECT * FROM tickets
 <hr>
 <div class="row">
 
-    <?php if(mysqli_num_rows($sql_contacts) > 0){ ?> 
+  <?php if(mysqli_num_rows($sql_contacts) > 0){ ?>
+
+    <!-- Notes -->
+
+    <div class="col-2">
+
+      <div class="card card-outline card-danger mb-3">
+        <div class="card-body">
+          <h5 class="card-title mb-2"><i class="fa fa-sticky-note"></i> Client Notes</h5>
+          <textarea class="form-control" id="clientNotes" onblur="updateClientNotes(<?php echo $client_id ?>)"><?php echo $client_notes ?></textarea>
+        </div>
+      </div>
+
+    </div>
 
     <!-- Contacts-->
 
-    <div class="col-6">
-        
-        <div class="card card-outline card-primary mb-3">
-            <div class="card-body">
-                <h5 class="card-title mb-2"><i class="fa fa-users"></i> Recent Contacts</h5>
-                <table class="table table-borderless table-sm">
-                    <tbody>
-                    <?php
+    <div class="col-4">
 
-                    while($row = mysqli_fetch_array($sql_contacts)){
-                        $contact_id = $row['contact_id'];
-                        $contact_name = $row['contact_name'];
-                        $contact_title = $row['contact_title'];
-                        $contact_phone = formatPhoneNumber($row['contact_phone']);
-                        $contact_extension = $row['contact_extension'];
-                        $contact_mobile = formatPhoneNumber($row['contact_mobile']);
-                        $contact_email = $row['contact_email'];
-                        //$client_id = $row['client_id'];
-                        //$client_name = $row['client_name'];
-                        $department_name = $row['department_name'];
+      <div class="card card-outline card-primary mb-3">
+        <div class="card-body">
+          <h5 class="card-title mb-2"><i class="fa fa-users"></i> Recent Contacts</h5>
+          <table class="table table-borderless table-sm">
+            <tbody>
+            <?php
 
-                        ?>
-                        <tr>
-                            <td><a href="client.php?client_id=<?php echo $client_id; ?>&tab=contacts"><?php echo $contact_name; ?></a>
-                                <br><small class="text-secondary"><?php echo $contact_title; ?></small>
-                            </td>
-                            <td><?php echo $contact_email; ?></td>
-                            <td><?php echo "$contact_phone $contact_extension"; ?><br><?php echo $contact_mobile; ?></td>
-                        </tr>
+            while($row = mysqli_fetch_array($sql_contacts)){
+              $contact_id = $row['contact_id'];
+              $contact_name = $row['contact_name'];
+              $contact_title = $row['contact_title'];
+              $contact_phone = formatPhoneNumber($row['contact_phone']);
+              $contact_extension = $row['contact_extension'];
+              $contact_mobile = formatPhoneNumber($row['contact_mobile']);
+              $contact_email = $row['contact_email'];
+              //$client_id = $row['client_id'];
+              //$client_name = $row['client_name'];
+              $department_name = $row['department_name'];
 
-                        <?php
-                    }
-                    ?>
+              ?>
+              <tr>
+                <td><a href="client.php?client_id=<?php echo $client_id; ?>&tab=contacts"><?php echo $contact_name; ?></a>
+                  <br><small class="text-secondary"><?php echo $contact_title; ?></small>
+                </td>
+                <td><?php echo $contact_email; ?></td>
+                <td><?php echo "$contact_phone $contact_extension"; ?><br><?php echo $contact_mobile; ?></td>
+              </tr>
 
-                    </tbody>
-                </table>
-            </div>
+              <?php
+            }
+            ?>
+
+            </tbody>
+          </table>
         </div>
+      </div>
     </div>
 
-    <?php } ?>
+  <?php } ?>
 
-    <?php if(mysqli_num_rows($sql_contacts) > 0){ ?> 
+  <?php if(mysqli_num_rows($sql_contacts) > 0){ ?>
 
-    <!-- Domains Expiring-->
+    <!-- Domains Expiring -->
 
     <div class="col-3">
-        
-        <div class="card card-outline card-danger mb-3">
-            <div class="card-body">
-                <h5 class="card-title mb-2"><i class="fa fa-globe"></i> Domains Expiring Soon <small class="text-secondary">(30d)</small></h5>
-                <table class="table table-borderless table-sm">
-                    <tbody>
-                    <?php
 
-                    while($row = mysqli_fetch_array($sql_domains_expiring)){
-                        $domain_id = $row['domain_id'];
-                        $domain_name = $row['domain_name'];
-                        $domain_expire = $row['domain_expire'];
+      <div class="card card-outline card-danger mb-3">
+        <div class="card-body">
+          <h5 class="card-title mb-2"><i class="fa fa-globe"></i> Domains Expiring Soon <small class="text-secondary">(30d)</small></h5>
+          <table class="table table-borderless table-sm">
+            <tbody>
+            <?php
 
-                        ?>
-                        <tr>
-                            <td><?php echo $domain_name; ?></td>
-                            <td class="text-danger"><?php echo $domain_expire; ?></td>
-                        </tr>
+            while($row = mysqli_fetch_array($sql_domains_expiring)){
+              $domain_id = $row['domain_id'];
+              $domain_name = $row['domain_name'];
+              $domain_expire = $row['domain_expire'];
 
-                        <?php
-                    }
-                    ?>
+              ?>
+              <tr>
+                <td><?php echo $domain_name; ?></td>
+                <td class="text-danger"><?php echo $domain_expire; ?></td>
+              </tr>
 
-                    </tbody>
-                </table>
-            </div>
+              <?php
+            }
+            ?>
+
+            </tbody>
+          </table>
         </div>
+      </div>
     </div>
 
-    <?php } ?>
+  <?php } ?>
 
-    <?php if(mysqli_num_rows($sql_asset_warranties_expiring) > 0){ ?> 
+  <?php if(mysqli_num_rows($sql_asset_warranties_expiring) > 0){ ?>
 
     <!-- Asset Warrenties Expiring-->
 
     <div class="col-3">
-        
-        <div class="card card-outline card-danger mb-3">
-            <div class="card-body">
-                <h5 class="card-title mb-2"><i class="fa fa-laptop"></i> Asset Warranties Expiring Soon <small class="text-secondary">(90d)</small></h5>
-                <table class="table table-borderless table-sm">
-                    <tbody>
-                    <?php
 
-                    while($row = mysqli_fetch_array($sql_asset_warranties_expiring)){
-                        $asset_id = $row['asset_id'];
-                        $asset_name = $row['asset_name'];
-                        $asset_warranty_expire = $row['asset_warranty_expire'];
+      <div class="card card-outline card-danger mb-3">
+        <div class="card-body">
+          <h5 class="card-title mb-2"><i class="fa fa-laptop"></i> Asset Warranties Expiring Soon <small class="text-secondary">(90d)</small></h5>
+          <table class="table table-borderless table-sm">
+            <tbody>
+            <?php
 
-                        ?>
-                        <tr>
-                            <td><?php echo $asset_name; ?></td>
-                            <td class="text-danger"><?php echo $asset_warranty_expire; ?></td>
-                        </tr>
+            while($row = mysqli_fetch_array($sql_asset_warranties_expiring)){
+              $asset_id = $row['asset_id'];
+              $asset_name = $row['asset_name'];
+              $asset_warranty_expire = $row['asset_warranty_expire'];
 
-                        <?php
-                    }
-                    ?>
+              ?>
+              <tr>
+                <td><?php echo $asset_name; ?></td>
+                <td class="text-danger"><?php echo $asset_warranty_expire; ?></td>
+              </tr>
 
-                    </tbody>
-                </table>
-            </div>
+              <?php
+            }
+            ?>
+
+            </tbody>
+          </table>
         </div>
+      </div>
     </div>
 
-    <?php } ?>
+  <?php } ?>
 
-    <?php if(mysqli_num_rows($sql_tickets_stale) > 0){ ?> 
+  <?php if(mysqli_num_rows($sql_tickets_stale) > 0){ ?>
 
     <!-- Stale Tickets -->
 
     <div class="col-5">
-        
-        <div class="card card-outline card-danger mb-3">
-            <div class="card-body">
-                <h5 class="card-title mb-2"><i class="fa fa-ticket-alt"></i> Stale Tickets <small class="text-secondary">(14d)</small></h5>
-                <table class="table table-borderless table-sm">
-                    <tbody>
-                    <?php
 
-                    while($row = mysqli_fetch_array($sql_tickets_stale)){
-                        $ticket_id = $row['ticket_id'];
-                        $ticket_prefix = $row['ticket_prefix'];
-                        $ticket_number = $row['ticket_number'];
-                        $ticket_subject = $row['ticket_subject'];
-                        $ticket_created_at = $row['ticket_created_at'];
+      <div class="card card-outline card-danger mb-3">
+        <div class="card-body">
+          <h5 class="card-title mb-2"><i class="fa fa-ticket-alt"></i> Stale Tickets <small class="text-secondary">(14d)</small></h5>
+          <table class="table table-borderless table-sm">
+            <tbody>
+            <?php
 
-                        ?>
-                        <tr>
-                            <td><?php echo "$ticket_prefix$ticket_number"; ?></td>
-                            <td><?php echo $ticket_subject; ?></td>
-                            <td class="text-danger"><?php echo $ticket_created_at; ?></td>
-                        </tr>
+            while($row = mysqli_fetch_array($sql_tickets_stale)){
+              $ticket_id = $row['ticket_id'];
+              $ticket_prefix = $row['ticket_prefix'];
+              $ticket_number = $row['ticket_number'];
+              $ticket_subject = $row['ticket_subject'];
+              $ticket_created_at = $row['ticket_created_at'];
 
-                        <?php
-                    }
-                    ?>
+              ?>
+              <tr>
+                <td><?php echo "$ticket_prefix$ticket_number"; ?></td>
+                <td><?php echo $ticket_subject; ?></td>
+                <td class="text-danger"><?php echo $ticket_created_at; ?></td>
+              </tr>
 
-                    </tbody>
-                </table>
-            </div>
+              <?php
+            }
+            ?>
+
+            </tbody>
+          </table>
         </div>
+      </div>
     </div>
 
-    <?php } ?>
+  <?php } ?>
 
-</div>
\ No newline at end of file
+</div>
+
+<script>
+  function updateClientNotes(client_id) {
+      var notes = document.getElementById("clientNotes").value;
+
+      // Send a POST request to ajax.php as ajax.php with data client_set_notes=true, client_id=NUM, notes=NOTES
+      jQuery.post(
+          "ajax.php",
+          {
+              client_set_notes: 'TRUE',
+              client_id: client_id,
+              notes: notes
+          }
+      )
+
+
+  }
+</script>
\ No newline at end of file

From 8bea883fa60a6f9b4b768d1b64610093af28e57a Mon Sep 17 00:00:00 2001
From: Marcus Hill <bcf8c9f2@opayq.com>
Date: Sun, 13 Mar 2022 11:29:21 +0000
Subject: [PATCH 6/7] Change note outline to primary

---
 client_overview.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/client_overview.php b/client_overview.php
index 98e32b42..9ae36b16 100644
--- a/client_overview.php
+++ b/client_overview.php
@@ -46,7 +46,7 @@ $sql_tickets_stale = mysqli_query($mysqli,"SELECT * FROM tickets
 
     <div class="col-2">
 
-      <div class="card card-outline card-danger mb-3">
+      <div class="card card-outline card-primary mb-3">
         <div class="card-body">
           <h5 class="card-title mb-2"><i class="fa fa-sticky-note"></i> Client Notes</h5>
           <textarea class="form-control" id="clientNotes" onblur="updateClientNotes(<?php echo $client_id ?>)"><?php echo $client_notes ?></textarea>

From 1d84fade631e06cbea0fde4a30c802e3cd6c3d4c Mon Sep 17 00:00:00 2001
From: Marcus Hill <bcf8c9f2@opayq.com>
Date: Sun, 13 Mar 2022 18:35:29 +0000
Subject: [PATCH 7/7] Add basic portal functionality

---
 portal/check_login.php |  33 ++++++++++++
 portal/index.php       |  72 +++++++++++++++++++++++++
 portal/login.php       |  96 +++++++++++++++++++++++++++++++++
 portal/ticket.php      | 117 +++++++++++++++++++++++++++++++++++++++++
 4 files changed, 318 insertions(+)
 create mode 100644 portal/check_login.php
 create mode 100644 portal/index.php
 create mode 100644 portal/login.php
 create mode 100644 portal/ticket.php

diff --git a/portal/check_login.php b/portal/check_login.php
new file mode 100644
index 00000000..41667071
--- /dev/null
+++ b/portal/check_login.php
@@ -0,0 +1,33 @@
+<?php
+
+/*
+ * Client Portal
+ * Checks if the client is logged in or not
+ */
+
+if(!isset($_SESSION)){
+  // HTTP Only cookies
+  ini_set("session.cookie_httponly", True);
+  if($config_https_only){
+    // Tell client to only send cookie(s) over HTTPS
+    ini_set("session.cookie_secure", True);
+  }
+  session_start();
+}
+
+if(!$_SESSION['client_logged_in']){
+  header("Location: login.php");
+  die;
+}
+
+// SESSION FINGERPRINT
+$session_ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
+$session_os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
+
+// Get user agent
+$session_user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
+
+// Get client info
+$session_client_id = $_SESSION['client_id'];
+$session_contact_id = $_SESSION['contact_id'];
+
diff --git a/portal/index.php b/portal/index.php
new file mode 100644
index 00000000..42f49452
--- /dev/null
+++ b/portal/index.php
@@ -0,0 +1,72 @@
+<?php
+/*
+ * Client Portal
+ * Landing / Home page for the client portal
+ */
+
+include('../config.php');
+include('../functions.php');
+include('check_login.php');
+
+if(!isset($_SESSION)){
+  // HTTP Only cookies
+  ini_set("session.cookie_httponly", True);
+  if($config_https_only){
+    // Tell client to only send cookie(s) over HTTPS
+    ini_set("session.cookie_secure", True);
+  }
+  session_start();
+}
+
+$contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$session_contact_id' AND contact_client_id = '$session_client_id' LIMIT 1");
+$contact_row = mysqli_fetch_array($contact_sql);
+
+$contact_tickets = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_status != 'Closed' AND ticket_contact_id = '$session_contact_id' AND ticket_client_id = '$session_client_id'");
+$tickets = mysqli_fetch_array($contact_tickets);
+?>
+
+
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <title><?php echo $config_app_name; ?> | Client Portal</title>
+
+  <!-- Tell the browser to be responsive to screen width -->
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+
+  <!-- Font Awesome -->
+  <link rel="stylesheet" href="../plugins/fontawesome-free/css/all.min.css">
+
+  <!-- Theme style -->
+  <link rel="stylesheet" href="../dist/css/adminlte.min.css">
+
+  <!-- Google Font: Source Sans Pro -->
+  <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
+</head>
+<div class="container">
+  <h2>Logged in as <?php echo $contact_row['contact_name'] ?></h2>
+
+  <br>
+  <h3>My open tickets</h3>
+  <table class="table">
+    <thead>
+      <tr>
+        <th scope="col">Subject</th>
+        <th scope="col">State</th>
+      </tr>
+    </thead>
+    <tbody>
+
+        <?php
+        while($ticket = mysqli_fetch_array($contact_tickets)){
+          echo "<tr>";
+          echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_subject]</a></td>";
+          echo "<td>$ticket[ticket_status]</td>";
+          echo "</tr>";
+        }
+        ?>
+    </tbody>
+  </table>
+</div>
\ No newline at end of file
diff --git a/portal/login.php b/portal/login.php
new file mode 100644
index 00000000..95209987
--- /dev/null
+++ b/portal/login.php
@@ -0,0 +1,96 @@
+<?php
+/*
+ * Client Portal
+ * Landing / Home page for the client portal
+ */
+
+include('../config.php');
+include('../functions.php');
+
+if(!isset($_SESSION)){
+  // HTTP Only cookies
+  ini_set("session.cookie_httponly", True);
+  if($config_https_only){
+    // Tell client to only send cookie(s) over HTTPS
+    ini_set("session.cookie_secure", True);
+  }
+  session_start();
+}
+
+if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])){
+
+  $email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
+  $password = $_POST['password'];
+
+  if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
+    $_SESSION['login_message'] = 'Invalid e-mail';
+  }
+  else{
+    $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' LIMIT 1");
+    $row = mysqli_fetch_array($sql);
+    if($row['contact_auth_method'] == 'local'){
+      if(password_verify($password, $row['contact_password_hash'])){
+        $_SESSION['client_logged_in'] = TRUE;
+        $_SESSION['client_id'] = $row['contact_client_id'];
+        $_SESSION['contact_id'] = $row['contact_client_id'];
+        $_SESSION['company_id'] = $row['company_id'];
+
+        header("Location: index.php");
+
+        //TODO: Logging
+      }
+      else{
+        $_SESSION['login_message'] = 'Incorrect username or password';
+      }
+
+    }
+    else{
+      $_SESSION['login_message'] = 'Incorrect username or password';
+    }
+  }
+
+
+
+}
+
+?>
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <title><?php echo $config_app_name; ?> | Client Portal Login</title>
+
+  <!-- Tell the browser to be responsive to screen width -->
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+
+  <!-- Font Awesome -->
+  <link rel="stylesheet" href="../plugins/fontawesome-free/css/all.min.css">
+
+  <!-- Theme style -->
+  <link rel="stylesheet" href="../dist/css/adminlte.min.css">
+
+  <!-- Google Font: Source Sans Pro -->
+  <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
+</head>
+<div class="container">
+  <div class="col-4 offset-3">
+    <br>
+    <h2><?php echo $config_app_name; ?> - Client Portal Login</h2>
+
+    <form action="login.php" method="post">
+      <input class="form-control" type="text" name="email" placeholder="someone@example.com">
+
+      <input class="form-control" type="password" name="password" placeholder="Pa$$word">
+
+      <button class="btn-primary" type="submit" name="login">Login</button>
+    </form>
+    <?php
+      if(!empty($_SESSION['login_message'])){
+        echo $_SESSION['login_message'];
+        unset($_SESSION['login_message']);
+      }
+    ?>
+  </div>
+</div>
+
diff --git a/portal/ticket.php b/portal/ticket.php
new file mode 100644
index 00000000..f5a60f2f
--- /dev/null
+++ b/portal/ticket.php
@@ -0,0 +1,117 @@
+<?php
+/*
+ * Client Portal
+ * Ticket detail page
+ */
+
+include('../config.php');
+include('../functions.php');
+include('check_login.php');
+
+if(!isset($_SESSION)){
+  // HTTP Only cookies
+  ini_set("session.cookie_httponly", True);
+  if($config_https_only){
+    // Tell client to only send cookie(s) over HTTPS
+    ini_set("session.cookie_secure", True);
+  }
+  session_start();
+}
+
+if(isset($_GET['id']) && intval($_GET['id'])) {
+  $ticket_id = intval($_GET['id']);
+  $ticket_sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_client_id = '$session_client_id'");
+  $ticket = mysqli_fetch_array($ticket_sql);
+
+  if ($ticket) {
+    ?>
+
+    <!DOCTYPE html>
+    <html>
+  <head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <title><?php echo $config_app_name; ?> | Client Portal - Tickets</title>
+
+    <!-- Tell the browser to be responsive to screen width -->
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+
+    <!-- Font Awesome -->
+    <link rel="stylesheet" href="../plugins/fontawesome-free/css/all.min.css">
+
+    <!-- Theme style -->
+    <link rel="stylesheet" href="../dist/css/adminlte.min.css">
+
+    <!-- Google Font: Source Sans Pro -->
+    <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
+  </head>
+  <div class="container">
+
+    <h2>Ticket Details - <?php echo $ticket['ticket_subject'] ?></h2>
+    <p>State: <?php echo $ticket['ticket_status'] ?></p>
+    <p>Priority: <?php echo $ticket['ticket_priority'] ?></p>
+
+    <hr>
+
+    <?php
+    $sql = mysqli_query($mysqli,"SELECT * FROM ticket_replies LEFT JOIN users ON ticket_reply_by = user_id WHERE ticket_reply_ticket_id = $ticket_id AND ticket_reply_archived_at IS NULL AND ticket_reply_type = 'Public' ORDER BY ticket_reply_id DESC");
+
+    while($row = mysqli_fetch_array($sql)){;
+      $ticket_reply_id = $row['ticket_reply_id'];
+      $ticket_reply = $row['ticket_reply'];
+      $ticket_reply_created_at = $row['ticket_reply_created_at'];
+      $ticket_reply_by = $row['ticket_reply_by'];
+      $ticket_reply_by_display = $row['user_name'];
+      $user_id = $row['user_id'];
+      $user_avatar = $row['user_avatar'];
+      $user_initials = initials($row['user_name']);
+      ?>
+
+      <div class="card card-outline card-info mb-3">
+        <div class="card-header">
+          <h3 class="card-title">
+            <div class="media">
+              <?php if(!empty($user_avatar)){ ?>
+                <img src="<?php echo "../uploads/users/$user_id/$user_avatar"; ?>" alt="User Avatar" class="img-size-50 mr-3 img-circle">
+              <?php }else{ ?>
+                <span class="fa-stack fa-2x">
+              <i class="fa fa-circle fa-stack-2x text-secondary"></i>
+              <span class="fa fa-stack-1x text-white"><?php echo $user_initials; ?></span>
+            </span>
+                <?php
+              }
+              ?>
+
+              <div class="media-body">
+                <?php echo $ticket_reply_by_display; ?>
+                <br>
+                <small class="text-muted"><?php echo $ticket_reply_created_at; ?> <?php if(!empty($ticket_reply_updated_at)){ echo "modified: $ticket_reply_updated_at"; } ?></small>
+              </div>
+            </div>
+          </h3>
+        </div>
+
+        <div class="card-body">
+          <?php echo $ticket_reply; ?>
+        </div>
+      </div>
+
+      <?php
+
+    }
+
+    ?>
+
+
+  </div>
+
+
+    <?php
+  }
+  else{
+    echo "Ticket ID not found!";
+  }
+}
+else{
+  header("Location: index.php");
+}
\ No newline at end of file